first-party-sets
Set Validation/Approval Ownership Details
There are several details of the set validation process that are left out at this point. Since the spec recently converted away from leaving this to a trusted third party (the IEE), it is worth diving into what replaces it.
Currently First Party Sets relies on a “public submission process (like a GitHub repository)” to validate and approve sets. Here are some gray areas I see in abuse mitigation measures that I am curious about:
- Would the list of sets be per-browser or would it be common to FPS-supporting browsers?
- Who has the ability to add sets to the list?
- Who handles reports of invalid sets?
- How are the definitions of “ownership” and “affiliation with the set primary is clearly presented to users” managed?
- Will there be moderation of the public process? If so, who maintains it?
Since the submission process is trusted to manage the privacy model exceptions this proposal creates, I think it is important to consider in more detail.
A proposed alternative to FPS, titled GDPR Validated Sets (GVS), explains an alternative which addresses the problems with the "public submission process (like a GitHub repository)" and associated issues such as the use of heuristics.